Tight Upper and Lower Bounds for Leakage-Resilient, Locally Decodable and Updatable Non-malleable Codes

In a recent result, Dachman-Soled et al. (TCC ’15) proposed a new notion called locally decodable and updatable non-malleable codes, which informally, provides the security guarantees of a non-malleable code while also allowing for efficient random access. They also considered locally decodable and updatable non-malleable codes that are leakageresilient, allowing for adversaries who continually leak information in addition to tampering. Unfortunately, the locality of their construction in the continual setting was Ω(logn), meaning that if the original message size was n blocks, then Ω(logn) blocks of the codeword had to be accessed upon each decode and update instruction. In this work, we ask whether super-constant locality is inherent in this setting. We answer the question affirmatively by showing tight upper and lower bounds. Specifically, in any threat model which allows for a rewind attack—wherein the attacker leaks a small amount of data, waits for the data to be overwritten and then writes the original data back—we show that a locally decodable and updatable non-malleable code with block size X ∈ poly(λ) number of bits requires locality δ(n) ∈ ω(1), where n = poly(λ) is message length and λ is security parameter. On the other hand, we re-visit the threat model of Dachman-Soled et al. (TCC ’15)—which indeed allows the adversary to launch a rewind attack— and present a construction of a locally decodable and updatable nonmalleable code with block size X ∈ Ω(λ) number of bits (for constant 0 < μ < 1) with locality δ(n), for any δ(n) ∈ ω(1), and n = poly(λ).